1. Google says Gems are ‘one of the most used Gemini Advanced features,’ adds file upload  9to5Google
2. Gemini Live is getting ready to chat with you about your files (APK teardown)  Android Authority
3. Google thinks attachments could be the perfect conversation starter for Gemini Live  Android Police
4. Google's Gemini AI may soon allow users to edit files using voice commands  The Times of India
5. Gemini Live could soon start messing around with your files  Android Central

In this tutorials we tell how to create file upload progress bar with PHP and jQuery. In this post we had developed few lines of code using PHP APC library, it is very simple getting the server file upload process every few second and increasing the bar color using jquery css property. Just take a [...]

View and Vote

The web form is a commonly used element in each website. In some cases, the user is allowed to select files with the input data so that the files are attached to the form data. Mostly the default HTML file input interface is used to select and upload files. But if you want to make web form UI more effective, drag and drop file upload feature can be used. The drag-and-drop feature provides an advanced file upload interface on the web page. The user can drag the files from the local drive and drop them into the DOM element. In

The post Create Web Form with Drag and Drop File Upload using JavaScript and PHP appeared first on CodexWorld.

[Sponsored] If you’re building an app that requires a lot of user-generated content and media that needs to be processed, tagged, filtered, or otherwise manipulated in real-time, you definitely want a solution that’s fast and seamless and doesn’t get in the way of your app’s primary functionality. Filestack is a service you’ll want to consider. Here’s what Filestack offers:

The post Filestack: A File Uploader and Powerful APIs to Deliver and Transform App Content appeared first on Impressive Webs.

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

Large file uploads in a web browser are problematic, even in 2018. If working with a poor network connection, uploads can fail and have to be retried from the start.

At Auphonic, our users have to upload large audio and video files, or multiple media files when creating a multitrack production. To minimize any potential issues, we integrated various external services which are specialized for large file transfers, like FTP, SFTP, Dropbox, Google Drive, S3, etc.

To further minimize issues, as of today we have also released resumable and chunked direct file uploads in the web browser to auphonic.com.

If you are not interested in the technical details, please just go to the section Resumable Uploads in Auphonic below.

The Problem with Large File Uploads in the Browser

If using either mobile networks (which remain fragile) or unstable WiFi connections, file uploads are often interrupted and will fail. There are also many areas in the world where connections are quite poor, which makes uploading big files frustrating.

After an interrupted file upload, the web browser must restart the whole upload from the start, which is a problem when it happens in the middle of a 4GB video file upload on a slow connection.
Furthermore, the longer an upload takes, the more likely it is to have a network glitch interrupting the upload, which then has to be retried from the start.

The Solution: Chunked, Resumable Uploads

To avoid user frustration, we need to be able to detect network errors and potentially resume an upload without having to restart it from the beginning.

To achieve this, we have to split a file upload in smaller chunks directly within the web browser, so that these chunks can then be sent to the server afterwards.
If an upload fails or the user wants to pause, it is possible to resume it later and only send those chunks that have not already been uploaded.
If there is a network interruption or change, the upload will be retried automatically.

Companies like Dropbox, Google, Amazon AWS etc. all have their own protocols and API's for chunked uploads, but there are also some open source implementations available, which offer resumable uploads:

resumable.js [link]:

"A JavaScript library providing multiple simultaneous, stable and resumable uploads via the HTML5 File API"
This solutions is a JavaScript library only and requires that the protocol is implemented on the server as well.

tus.io [link]:

"Open Protocol for Resumable File Uploads"
Tus.io offers a simple, cheap and reusable stack for clients and servers (in many languages). They have a blog with further information about resumable uploads, see tus blog.

plupload [link]:

A JavaScript library, similar to resumable.js, which requires a separate server implementation.

We chose to use resumable.js and developed our own server implementation.

Resumable Uploads in Auphonic

If you upload files to a singletrack or multitrack production, you will see the upload progress bar and a pause button, which is one way to pause and resume an upload:

It is also possible to close the browser completely or shut down your computer during the upload, then edit the production and upload the file again later. This will just resume the file upload from the position where it was stopped before.
(Previously uploaded chunks are saved for 24h on our servers, after that you have to start the whole upload again.)

In case of a network problem or if you switch to a different connection, we will resume the upload automatically.
This should solve many problems which were reported by some users in the past!

You can of course also use any of our external services for stable incoming and outgoing file transfers!

Do you still have Uploading Issues?

We hope that uploads to Auphonic are much more reliable now, even on poor connections.

If you still experience any problems, please let us know.
We are very happy about any bug reports and will do our best to fix them!

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.

When working on Readerrr, I wanted to enrich the experience of uploading an OPML file for importing feeds from other readers. There is nothing wrong with the traditional way for uploading a file, but it is a good thing to provide the alternative way – drag & drop file uploading. I've combined my experience into an article which you are very welcome to read on CSS-Tricks.

Read the article

Try the Demo